Renaming a group to string with = character at the end breaks the ocis

[SwikritiT]

Description

Renaming a group to string with = character at the end breaks the ocis

Steps to reproduce

1. create a group grp1

curl -XPOST "https://localhost:9200/graph/v1.0/groups" -d'{"displayName":"grp1"}' -uadmin:admin -vk

2. Rename the group to something with = at the last like grp1=

curl -XPATCH "https://localhost:9200/graph/v1.0/groups/<group-id>" \     
-d'{"displayName": "grp1="}' -uadmin:admin -vk

Note group id can be obtained from the response of POST request or curl "https://localhost:9200/graph/v1.0/groups" -uadmin:admin -vk

Expected Behaviour

The group gets renamed or some error message is thrown if the group cannot have = character

Actual Behaviour

The connection closes and the ocis server breaks

curl -XPATCH "https://localhost:9200/graph/v1.0/groups/792015d3-9b6c-4bb3-9147-e2114033bc37" \     
-d'{"displayName": "grp1="}' -uadmin:admin -vk
*   Trying 127.0.0.1:9200...
* Connected to localhost (127.0.0.1) port 9200 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS header, Finished (20):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.2 (OUT), TLS header, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
* ALPN, server did not agree to a protocol
* Server certificate:
*  subject: O=Acme Corp; CN=OCIS
*  start date: Mar 30 09:56:25 2023 GMT
*  expire date: Mar 29 09:56:25 2024 GMT
*  issuer: O=Acme Corp; CN=OCIS
*  SSL certificate verify result: self-signed certificate (18), continuing anyway.
* Server auth using Basic with user 'admin'
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
> PATCH /graph/v1.0/groups/792015d3-9b6c-4bb3-9147-e2114033bc37 HTTP/1.1
> Host: localhost:9200
> Authorization: Basic YWRtaW46YWRtaW4=
> User-Agent: curl/7.81.0
> Accept: */*
> Content-Length: 24
> Content-Type: application/x-www-form-urlencoded
> 
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.3 (OUT), TLS alert, decode error (562):
* OpenSSL SSL_read: error:0A000126:SSL routines::unexpected eof while reading, errno 0
* Closing connection 0
curl: (56) OpenSSL SSL_read: error:0A000126:SSL routines::unexpected eof while reading, errno 0

Ocis Log

{"level":"info","time":"2023-03-30T15:41:26.622705857+05:45","caller":"/home/swikriti/go/pkg/mod/github.com/cs3org/reva/[email protected]/pkg/storage/utils/decomposedfs/migrator/0002_move_spacetypes_to_indexes.go:31","message":"Migrating space types indexes..."}
2023/03/30 15:42:07 http: TLS handshake error from [::1]:37392: remote error: tls: unknown certificate
2023/03/30 15:43:07 http: TLS handshake error from [::1]:49578: remote error: tls: unknown certificate
panic: runtime error: index out of range [0] with length 0

goroutine 596 [running]:
github.com/libregraph/idm/pkg/ldbbolt.(*LdbBolt).EntryModifyDN(0xc001181e30, 0xc0066c45f0)
	/home/swikriti/go/pkg/mod/github.com/libregraph/[email protected]/pkg/ldbbolt/ldbbolt.go:327 +0x26f
github.com/libregraph/idm/server/handler/boltdb.(*boltdbHandler).ModifyDN(0xc0005f8900, {0xc001dbe000, 0x2b}, 0xc0066c45f0, {0x422f638, 0xc001e7dc00})
	/home/swikriti/go/pkg/mod/github.com/libregraph/[email protected]/server/handler/boltdb/handler.go:240 +0x2c5
github.com/libregraph/idm/pkg/ldapserver.HandleModifyDNRequest(0x7f9b80592f80?, {0xc001dbe000, 0x2b}, 0xc0005f8660, {0x422f638, 0xc001e7dc00})
	/home/swikriti/go/pkg/mod/github.com/libregraph/[email protected]/pkg/ldapserver/modifydn.go:36 +0x3c2
github.com/libregraph/idm/pkg/ldapserver.(*Server).handleConnection(0xc0005f8660, {0x422f638, 0xc001e7dc00})
	/home/swikriti/go/pkg/mod/github.com/libregraph/[email protected]/pkg/ldapserver/server.go:370 +0x7c9
created by github.com/libregraph/idm/pkg/ldapserver.(*Server).Serve
	/home/swikriti/go/pkg/mod/github.com/libregraph/[email protected]/pkg/ldapserver/server.go:204 +0xc5

OCIS COMMIT ID = 182c375

[SwikritiT]

Note that issues #5970 #5968 #5969 might be related. I created them separately as behaviors weren't the same

[kobergj]

It's an issue with the underlying ldap package. We cannot support group names containing = at the moment.

We will return a BadRequest with an explaining string instead. This is done here: #5972